     $expired = $params->def('expired', '');
     $expired_time = $params->def('expired_time', '');
     // if now expired link set or expired time is more than half the admin session life set, simply load normal admin homepage
     $checktime = ($mosConfig_session_life_admin ? $mosConfig_session_life_admin : 1800) / 2;
     if (!$expired || $now - $expired_time > $checktime) {
         $expired = 'index2.php';
     }
     // link must also be a Joomla link to stop malicious redirection
     if (strpos($expired, 'index2.php?option=com_') !== 0) {
         $expired = 'index2.php';
     }
     // clear any existing expired page data
     $params->set('expired', '');
     $params->set('expired_time', '');
     // param handling
     if (is_array($params->toArray())) {
         $txt = array();
         foreach ($params->toArray() as $k => $v) {
             $txt[] = "{$k}={$v}";
         }
         $saveparams = implode("\n", $txt);
     }
     // save cleared expired page info to user data
     $query = "UPDATE #__users" . "\n SET params = " . $database->Quote($saveparams) . "\n WHERE id = " . (int) $my->id . "\n AND username = "******"\n AND usertype = " . $database->Quote($my->usertype);
     $database->setQuery($query);
     $database->query();
 }
 // check if auto_purge value set
 if ($my->cfg_name == 'auto_purge') {
     $purge = $my->cfg_value;
 } else {
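/**
 * Load one content item by id, enforce section/category publishing and
 * access-level checks, compute prev/next navigation and render it via show().
 *
 * @param int    $uid     content item id; cast to int before it reaches SQL
 * @param int    $gid     caller's access level; rows with a higher access value are hidden
 * @param object $access  by-reference access flags; only $access->canEdit is read here
 * @param mixed  $pop     passed straight through to show()
 * @param string $option  not referenced in this body
 * @param mixed  $now     ignored: overwritten with _CURRENT_SERVER_TIME below
 * @return void  output is produced by show() or mosNotAuth()
 */
function showItem($uid, $gid, &$access, $pop, $option = 'com_content', $now)
{
    global $database, $mainframe, $Itemid;
    global $mosConfig_MetaTitle, $mosConfig_MetaAuthor;
    // the incoming $now argument is discarded in favour of the server time constant
    $now = _CURRENT_SERVER_TIME;
    $nullDate = $database->getNullDate();
    if ($access->canEdit) {
        // editors may see unpublished and scheduled items
        $xwhere = '';
    } else {
        // everyone else: published (1) or archived (-1) and inside the publish window
        $xwhere = " AND ( a.state = 1 OR a.state = -1 )" . "\n AND ( a.publish_up = " . $database->Quote($nullDate) . " OR a.publish_up <= " . $database->Quote($now) . " )" . "\n AND ( a.publish_down = " . $database->Quote($nullDate) . " OR a.publish_down >= " . $database->Quote($now) . " )";
    }
    // main query; the caller-controlled values ($uid, $gid) are int-cast before interpolation
    $query = "SELECT a.*, u.name AS author, u.usertype, cc.name AS category, s.name AS section, g.name AS groups," . "\n s.published AS sec_pub, cc.published AS cat_pub, s.access AS sec_access, cc.access AS cat_access," . "\n s.id AS sec_id, cc.id as cat_id" . "\n FROM #__content AS a" . "\n LEFT JOIN #__categories AS cc ON cc.id = a.catid" . "\n LEFT JOIN #__sections AS s ON s.id = cc.section AND s.scope = 'content'" . "\n LEFT JOIN #__users AS u ON u.id = a.created_by" . "\n LEFT JOIN #__groups AS g ON a.access = g.id" . "\n WHERE a.id = " . (int) $uid . $xwhere . "\n AND a.access <= " . (int) $gid;
    $database->setQuery($query);
    $row = NULL;
    if ($database->loadObject($row)) {
        // check whether category is published
        if (!$row->cat_pub && $row->catid) {
            mosNotAuth();
            return;
        }
        // check whether section is published
        if (!$row->sec_pub && $row->sectionid) {
            mosNotAuth();
            return;
        }
        // check whether category access level allows access
        if ($row->cat_access > $gid && $row->catid) {
            mosNotAuth();
            return;
        }
        // check whether section access level allows access
        if ($row->sec_access > $gid && $row->sectionid) {
            mosNotAuth();
            return;
        }
        $params = new mosParameters($row->attribs);
        $params->set('intro_only', 0);
        $params->def('back_button', $mainframe->getCfg('back_button'));
        // items with sectionid 0 never get prev/next navigation
        if ($row->sectionid == 0) {
            $params->set('item_navigation', 0);
        } else {
            $params->set('item_navigation', $mainframe->getCfg('item_navigation'));
        }
        // loads the links for Next & Previous Button
        if ($params->get('item_navigation')) {
            // Parameters for menu item as determined by controlling Itemid
            $menu = $mainframe->get('menu');
            $mparams = new mosParameters($menu->params);
            // different menu item types use a different param to control ordering:
            // Blogs use `orderby_sec`, Table and List views use `orderby`
            $mparams_list = $mparams->toArray();
            if (array_key_exists('orderby_sec', $mparams_list)) {
                $order_method = $mparams->get('orderby_sec', '');
            } else {
                $order_method = $mparams->get('orderby', '');
            }
            // additional check for invalid sort ordering
            if ($order_method == 'front') {
                $order_method = '';
            }
            // NOTE(review): $orderby is interpolated into ORDER BY unquoted; this relies on
            // _orderby_sec() mapping the menu param onto a fixed column expression — verify there
            $orderby = _orderby_sec($order_method);
            // array of content items in same category correctly ordered
            $query = "SELECT a.id" . "\n FROM #__content AS a" . "\n WHERE a.catid = " . (int) $row->catid . "\n AND a.state = " . (int) $row->state . ($access->canEdit ? '' : "\n AND a.access <= " . (int) $gid) . $xwhere . "\n ORDER BY {$orderby}";
            $database->setQuery($query);
            $list = $database->loadResultArray();
            // this check needed if incorrect Itemid is given resulting in an incorrect result
            if (!is_array($list)) {
                $list = array();
            }
            // location of current content item in array list; array_search() yields false when
            // $uid is absent (bad Itemid), and false + 1 would otherwise silently pick $list[1]
            // as the "next" item, so neighbours are only derived from a real position
            $location = array_search($uid, $list);
            $row->prev = '';
            $row->next = '';
            if ($location !== false) {
                if ($location - 1 >= 0) {
                    // the previous content item cannot be in the array position -1
                    $row->prev = $list[$location - 1];
                }
                if ($location + 1 < count($list)) {
                    // the next content item cannot be beyond the last array position
                    $row->next = $list[$location + 1];
                }
            }
        }
        // page title
        $mainframe->setPageTitle($row->title);
        if ($mosConfig_MetaTitle == '1') {
            $mainframe->addMetaTag('title', $row->title);
        }
        if ($mosConfig_MetaAuthor == '1') {
            $mainframe->addMetaTag('author', $row->author);
        }
        show($row, $params, $gid, $access, $pop);
    } else {
        // no row: unknown id, or hidden by state, publish window or access level
        mosNotAuth();
        return;
    }
}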
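 /**
  * Validate the administrator session for the current request and return the
  * user restored from $_SESSION.
  *
  * Side effects: may emit a JavaScript redirect and exit(); purges expired
  * admin rows from #__session, refreshes the session timestamp, stores the
  * "expired page" link in the user's params and records option/task in $_SESSION.
  *
  * @param string $option  requested component; 'logout' short-circuits to logout.php
  * @param string $task    requested task; 'save' and 'apply' skip the session checks
  * @return mosUser  user rebuilt from the session values
  */
 function initSessionAdmin($option, $task)
 {
     global $_VERSION, $mosConfig_admin_expired;
     // logout check
     if ($option == 'logout') {
         require $GLOBALS['mosConfig_absolute_path'] . '/administrator/logout.php';
         exit;
     }
     $site = $GLOBALS['mosConfig_live_site'];
     // check if session name corresponds to correct format; strict comparison, because with
     // == two strings that both look numeric (e.g. "0e...") are compared as numbers
     if (session_name() !== md5($site)) {
         echo "<script>document.location.href='index.php'</script>\n";
         exit;
     }
     // restore some session variables
     $my = new mosUser($this->_db);
     $my->id = intval(mosGetParam($_SESSION, 'session_user_id', ''));
     $my->username = strval(mosGetParam($_SESSION, 'session_username', ''));
     $my->usertype = strval(mosGetParam($_SESSION, 'session_usertype', ''));
     $my->gid = intval(mosGetParam($_SESSION, 'session_gid', ''));
     $my->params = mosGetParam($_SESSION, 'session_user_params', '');
     $session_id = mosGetParam($_SESSION, 'session_id', '');
     $logintime = mosGetParam($_SESSION, 'session_logintime', '');
     // strict: the stored id must be byte-identical to the live session id
     if ($session_id !== session_id()) {
         // session id does not correspond to required session format
         echo "<script>document.location.href='index.php?mosmsg=Invalid Session'</script>\n";
         exit;
     }
     // check to see if session id corresponds with correct format (strict, see above: a loose
     // comparison of two hex digests can wrongly succeed when both are of the form "0e<digits>")
     if ($session_id === md5($my->id . $my->username . $my->usertype . $logintime)) {
         // if task action is to `save` or `apply` complete action before doing session checks.
         if ($task != 'save' && $task != 'apply') {
             // test for session_life_admin; fall back to 30 minutes when unset or zero
             if (!empty($GLOBALS['mosConfig_session_life_admin'])) {
                 $session_life_admin = $GLOBALS['mosConfig_session_life_admin'];
             } else {
                 $session_life_admin = 1800;
             }
             // purge expired admin sessions only
             $past = time() - $session_life_admin;
             $query = "DELETE FROM #__session" . "\n WHERE time < '" . (int) $past . "'" . "\n AND guest = 1" . "\n AND gid = 0" . "\n AND userid <> 0";
             $this->_db->setQuery($query);
             $this->_db->query();
             $current_time = time();
             // update session timestamp
             $query = "UPDATE #__session" . "\n SET time = " . $this->_db->Quote($current_time) . "\n WHERE session_id = " . $this->_db->Quote($session_id);
             $this->_db->setQuery($query);
             $this->_db->query();
             // set garbage cleaning timeout
             $this->setSessionGarbageClean();
             // check against db record of session
             // NOTE(review): the username predicate on the next line appears redacted ("******")
             // in this listing; the intended Quote() call must be restored before this is usable
             $query = "SELECT COUNT( session_id )" . "\n FROM #__session" . "\n WHERE session_id = " . $this->_db->Quote($session_id) . "\n AND username = "******"\n AND userid = " . intval($my->id);
             $this->_db->setQuery($query);
             $count = $this->_db->loadResult();
             // if no entry in session table that corresponds boot from admin area
             if ($count == 0) {
                 $link = NULL;
                 if ($_SERVER['QUERY_STRING']) {
                     // raw query string; only accepted below when it is a component link
                     $link = 'index2.php?' . $_SERVER['QUERY_STRING'];
                 }
                 // check if site designated as a production site
                 // for a demo site disallow expired page functionality
                 // link must also be a Joomla link to stop malicious redirection
                 // (isset() replaces the former @-suppressed read of the global)
                 if ($link && strpos($link, 'index2.php?option=com_') === 0 && $_VERSION->SITE == 1 && isset($mosConfig_admin_expired) && $mosConfig_admin_expired === '1') {
                     $now = time();
                     $file = $this->getPath('com_xml', 'com_users');
                     if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
                         $params = new mosParameters($my->params, $file, 'component');
                     } else {
                         // older mosParameters/XML handling emits notices on pre-5.2 builds
                         $errorlevel = error_reporting();
                         error_reporting(0);
                         $params = new mosParameters($my->params, $file, 'component');
                         error_reporting($errorlevel);
                     }
                     // return to expired page functionality; whoever later reads 'expired'
                     // should re-check the 'index2.php?option=com_' prefix before redirecting
                     $params->set('expired', $link);
                     $params->set('expired_time', $now);
                     // param handling: serialise as "key=value" lines; empty when nothing to save
                     $saveparams = '';
                     $param_list = $params->toArray();
                     if (is_array($param_list)) {
                         $txt = array();
                         foreach ($param_list as $k => $v) {
                             $txt[] = "{$k}={$v}";
                         }
                         $saveparams = implode("\n", $txt);
                     }
                     // save expired page info to user data
                     // NOTE(review): the username predicate on the next line appears redacted ("******")
                     // in this listing, as in the COUNT query above
                     $query = "UPDATE #__users" . "\n SET params = " . $this->_db->Quote($saveparams) . "\n WHERE id = " . (int) $my->id . "\n AND username = "******"\n AND usertype = " . $this->_db->Quote($my->usertype);
                     $this->_db->setQuery($query);
                     $this->_db->query();
                 }
                 echo "<script>document.location.href='index.php?mosmsg=Admin Session Expired'</script>\n";
                 exit;
             } else {
                 // load variables into session, used to help secure /popups/ functionality
                 $_SESSION['option'] = $option;
                 $_SESSION['task'] = $task;
             }
         }
     } else {
         if ($session_id == '') {
             // no session_id as user has not attempted to login, or session.auto_start is switched on
             if (ini_get('session.auto_start') || !ini_get('session.use_cookies')) {
                 echo "<script>document.location.href='index.php?mosmsg=You need to login. If PHP\\'s session.auto_start setting is on or session.use_cookies setting is off, you may need to correct this before you will be able to login.'</script>\n";
             } else {
                 echo "<script>document.location.href='index.php?mosmsg=You need to login'</script>\n";
             }
             exit;
         } else {
             // session id does not correspond to required session format
             echo "<script>document.location.href='index.php?mosmsg=Invalid Session'</script>\n";
             exit;
         }
     }
     return $my;
 }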